Senior Information Security Analyst

Location:
Manchester, NH
Posted:
March 14, 2024

Resume:

Claude Van Orden, CISA, CISM

Manchester, NH *****

Mobile: 603-***-****

https://www.linkedin.com/in/claudevanorden/

ad4bsc@r.postjobfree.com

Professional Summary

As an IT Security, Risk and Compliance Consultant/Analyst/Project lead, information security assessments/projects were brought to completion on-time and within budget.

Oversight activities were conducted at Fortune 100/500 companies, SMBs, public utilities, education and State/Federal Government agencies utilizing FAIR Risk Factor Analysis, SOX, PCI-DSS, MA 201, FISMA/NIST, ISO 27001/2013, HIPAA, GDPR, SSAE 18, SOC 1/2/3, CIS Top 18, CSA, Business Continuity/Disaster Recovery and information security audits, risk management and compliance frameworks.

Roles (Contract and FTE)

As Team Lead/Project Lead: Cybersecurity System Analyst • Senior Information Security Analyst • IT Security and Compliance Analyst • Security Advisory Services Lead • Technology Risk Analyst

Director of Information Security and Privacy • PCI-ISA Security Assessor • Senior IT Auditor

Business Analyst • Network Administrator • IS Analyst

Technical Skills

Standards Guidelines/Frameworks

NIST 800-53r5, CSF, FAIR risk factor analysis, Agile Scrum stories and standups, PCI-DSS 3.0/3.2.1, ISO 27001/2013, GDPR, HIPAA, SOC 1/2/3 SSAE18, Cobit 5, COSO (SOX), CMMI maturity model, CISA BCP/DR/BIA frameworks, CSA, CIS Top 18

Operating Systems & Apps

Apps: Atlassian Jira (for Agile Scrum) / Confluence, Snowflake, Archer, OpenPages, ServiceNow, RiskLens (automated FAIR Analysis-ALE calculator, aka Safe Security)

OS: Windows, Android, iOS, UNIX; HP-UX; LINUX (Red Hat, Ubuntu, Mint, Kali)

Additional Highlights

CISA (Certificate #0757175)

CISM (Certificate #1425993)

EU general data protection regulation practitioner (GDPR P)

(Certificate #982830)

PCI-ISA “Internal Employee” Credit Card Security Assessor Certification (Sept. 2011 to Sept. 2012). Oversight of PCI Compliance Program at Global Partners LP and their Fuel-Distribution division, Alliance Energy LLC. (Certificate #800-733)

Employment

Fidelity Investments Hybrid remote-Merrimack NH May 2021 – June 2023

Cybersecurity System Analyst

Contingency consultant for Fidelity’s Internal Audit Engagement (IAE) group, to build partnerships with Fidelity’s Enterprise Cybersecurity (ECS) Product Areas, as well as Tech Risk business units, in tandem with brokering (negotiating) relations with Fidelity’s Internal Audit team to proactively pre-identify control gaps in advance of their regularly scheduled internal audits and readiness assessments. Spearheaded milestone stakeholder arbitrations to concurrently compare, challenge, limit or reduce the Internal Audit team’s subsequent findings PoV (Point of View) report being provided to senior management and the Board. Mainly utilized NIST controls frameworks (including 800-53r5 and CSF) for best practice corporate and IT technologies policies, standards and playbook triage/remediation.

Performed FAIR (Quantitative Risk) assessments of ECS Product Area controls by utilizing RiskLens ALE calculations, to compare and in some cases make arguments against the Tier severity level initially reported by Internal Audit’s “canvas” and “PoV” (Point of View) audit report findings.

Participated in and facilitated Internal Audit’s fieldwork and findings/observations discussions with the ECS Product Area leads (auditees), tracking Product Area remediation and closure of issues, ensuring Internal Audit observations are valid, correct, agreed on by stakeholders and addressed on a timely basis.

Dell Technologies/SecureWorks (Security Advisory Services) Sept 2015 – Oct 2020

Senior IT Security Analyst FTE

For SecureWorks' numerous clients, performed nationwide onsite security assessments and delivered detailed and actionable annual cybersecurity assessment reports and security roadmaps, aligned to the following frameworks and assessment types:

NIST, ISO 27001:2013, CIS Top 18, HIPAA, GDPR, CSA, Secureworks’ proprietary ISA, CMMi Risk Maturity, Business Continuity / Disaster Recovery, Cloud, NIST 800-30 risk assessments.

Assessed security domains including Access Management, Vulnerability Management, Physical Security, Transmission Security and Encryption, Service Provider Oversight, Software Development/SDLC, Network Infrastructure, Incident Management, BCM/DR, Log Management, Change Management, Data Classification/Asset Management, Mobile Device Management.

Responsible for providing Cybersecurity assessments for the following Secureworks client verticals:

Fortune 500 companies, SMBs, public utilities, Boards of Education, State/Federal Government agencies, Healthcare organizations, Legal and Financial firms, Banks/Credit Unions, Colleges and Universities, Manufacturing, Real Estate, Insurance firms, Hospitals, Software firms.

ClearBridge Technology Group Waltham, MA Jun 2015 – Jul 2015

Network Remediation Consultant at Constant Contact PCI credit card security program

PCI Network Security contractor at ClearBridge Technologies’ client Constant Contact online email and marketing company.

Reported to Network Engineering group as interim PCI credit card security and compliance remediation team lead.

Led remediation and status tracking of PCI DSS network requirements for the Network Engineering team and liaised with the IT Security and Risk Management team. Assisted with development of the Network diagram and PCI segmentation for scoping for PCI v3.0 Requirement 1.1.2, linking it with the payment credit card data flow diagram (1.1.3), and authored network SOPs (Standard Operating Procedures) for corporate security Standards.

Hewlett Packard (HP) - (client of Insight Global Staffing) Feb 2015 – Jun 2015

Cyber Security PCI Consultant Remote

Remote Insight Global Staffing contractor for client Hewlett Packard's 2015 PCI Credit Card Security initiative.

Reported to the HP PCI PMO and HP Global Cyber Security Office. Liaison for the HP PCI PMO, HP ISOs (Internal Security Officers), and HP internal/external PCI assessment stakeholders representing HP Applications, HP Internal Call Centers, and Third Party Vendors.

Monitored and updated RSA Archer GRC system-of-record (“eRisk Manager”) as well as SharePoint evidence repositories to reflect current PCI credit card environment for HP’s PCI DSS PMO, SMO (Separation Management Office) and Global Cyber Security groups' PCI compliance activities.

Meeting organizer for Pilot FY15 PCI HP Software Group Assessment Weekly Status Meetings; tracking project status.

Reviewed contractual PCI agreements and obligations of HP and its customers.

Hollister Staffing Boston, MA Sept 2014 – Jan 2015

PCI Credit Card Security BA / IT Security Analyst – Consultant/Contractor

At their eCommerce education client Ascend Learning:

Drafting PCI-DSS Business and TechOps Narratives and Flowcharts describing current credit card transaction flows on enterprise-wide eCommerce web portals, both in-house and in the cloud.

Conducting PCI-DSS Business and IT Security gap analysis, noting findings and making recommendations for PCI credit card processing gap remediation.

MEMIC (Maine Employer’s Mutual Insurance Company) Portland, ME Feb – April 2014

Director of Information Security and Privacy – (Direct report to MEMIC's CIO).

Assessed security baselines of existing company IT technologies including: email systems (MobileIron, Lotus Notes, Domino, Traveler, Websense Gateway), patching and imaging system (DELL KACE 1000 and 2000), Web Proxy/ Filter (Websense), laptop encryption (Symantec PGP Whole Disk Encryption), Cisco Network edge devices, servers and applications, anti-virus system (Trend Micro), SIEM (RSA enVision), network diagrams, and logical access (Microsoft Active Directory).

Liaised with Director of IT Operations, Director of IT Applications, Manager of Web Applications, and MEMIC’s external Legal Counsel.

Implemented the following pilot IT Security and Privacy initiatives:

Heartbleed Bug – Spearheaded and led investigation of MEMIC’s Partner/Vendor claims regarding their Heartbleed Bug status.

Review of current IT Security policies and procedures for timeliness, accuracy and ownership of the stakeholders.

Chartered, developed, and led a company-wide Risk Management Plan to locate presence of HIPAA PHI and PII data throughout the environment, and determine logical and physical access to that data.

Review of PHI and PII transaction flows within the LAN environment, as well as external interfaces to our trading partners and vendors.

Conducted an IT Security Gap analysis and Risk Assessment of MEMIC’s IT Department.

Instituted weekly IT Security Status meeting with the Director of IT Operations.

Reduced the company's annual legal Privacy/Compliance law attorney consultation fees through the recommendation and implementation of a Privacy and PII/PHI Law app and publication.

John Hancock Insurance - (client of Apex Systems) Burlington, MA Oct. – Dec. 2013

SOX IT Internal Audit Consultant - Contractor

At Apex Systems client John Hancock Insurance (Internal IT Audit division) in Boston, conducted fiscal year-end SOX TOD and TOE testing of key controls for Manulife Global User Access, Change Management, Incident Response, and Disaster Recovery, utilizing Paisley GRC application.

Massachusetts Department of Transportation – (client of Taino Consulting Group)

Boston, MA March – Sept. 2013

PCI Credit Card Security Analyst – Contractor

PCI card security project management for State of Massachusetts Department of Transportation (MassDOT) and MBTA’s 2012-2013 PCI-DSS credit card processing compliance and gap assessments effort.

Liaised between the current PCI QSA external auditing company (Coalfire) and MassDOT/MBTA IT senior management stakeholders and process owners.

Conducted and led PCI scoping, IT stakeholder interviews and IT baseline security controls assessment status meetings with MassDOT/MBTA IT Security, IT Operations, Networking, Desktop, and other IT department heads.

Oversight of PCI and IT Security documentation and content management for MBTA and MassDOT policies, procedures, standards, as well as archival of workpaper exhibits for the PCI QSA and other IT auditing entities.

Preparation of various PCI metrics and tools, including CMMI Maturity Model and Microsoft Project Gantt Chart, and incorporation of a ROC (Report on Compliance) mapped Documentation Request list (DRL) and tracker matrix.

State Street Bank – (client of Randstad Technologies) North Quincy MA

Nov 2012 – Dec. 2012

SOX Internal Audit Consultant – Contractor

Year-end GCC Logical and Physical Access Controls testing and findings assessments.

Abt Associates – (client of Taino Consulting Group) Boston MA Sept 2012 – Oct 2012

FISMA/NIST Security Analyst – Contractor

Collaborated with client's IT Director of Security and also their Manager of IT Security at Abt Associates to develop their pilot SSP (System Security Plan) for implementation of FISMA/NIST IT Security controls around a Linux and VMWare HA enclave for HIPAA and PII data.

Collaborated on Risk Assessment of these FISMA security controls established in the SSP for the enclave.

Global Partners/Alliance Energy LLC Waltham, MA March 2011 – July 2012

(Full-Time Employee) PCI credit card IT Security and Compliance Analyst

PCI ISA certified Project Lead for PCI Credit Card Security and Compliance requirements assessment and gap remediation at over 150 corporate and franchise C-store locations. Obtained PCI training and certification as an ISA (Internal Security Assessor through PCI-SSC).

Also responsible for:

Developing company’s SOX and MA 201 procedures for Logical Access and Change Management.

Designed and developed corporate Risk Management program for PCI-DSS compliance.

Abt Associates – (client of Sentri Inc. – Microsoft Gold Partner and Implementer)

Westborough, MA Aug – Nov. 2010

NIST Lead Security and Risk Analyst – Contractor

FISMA Compliance (moderate level – for contractor/vendor) readiness consulting – Risk Assessment – Prepping for C & A package

Provided ongoing NIST IT Security guidance, reviews and assessments for one of Sentri’s clients (Abt Associates, a government contractor) during their Technology Transformation migration to the Windows platform (from their current Novell/Lotus Notes/Domino platform), consisting of the following Microsoft technologies:

Windows Server 2008 R2, AD (Active Directory), RMS (Rights Management Server), SCOM, SCCM, FIM (Forefront Identity Manager), Microsoft's Cloud for Exchange (BPOS - Business Productivity Online Suite including Blackberry Server), DNS, DHCP, IIS, IE, Windows 7, on-prem PKI – as well as non-Microsoft technologies NetApp SAN, and VMware ESXi V-center.

Enterprise security auditing tools familiarity including Microsoft SCOM - System Center Operation Manager (MOM) Management Packs, and SCCM - System Center Configuration Manager Desired Configuration Management (DCM) baselines, leveraging Microsoft Security Solution Accelerators and other Microsoft Security Enterprise auditing tools.

Lighthouse IT Compliance Group RI and Massachusetts Mar – June ‘10

Security, Risk and Compliance Analyst – Contractor

PCI-DSS SAQ, MA 201 and IT Security and Compliance reviews.

At various College, Banking, Health Care and Retail clients, acting in a QSA capacity for multiple PCI-DSS annual SAQ D preparation and submittals, and implemented MA 201 CMR 17 compliance and audit readiness program.

Symphony Services Engineering Staffing Westford, MA Nov – Dec ‘09

Software Engineer/ PCI-DSS IT Security and Compliance Consultant – Contractor

Collaborated with an NAC Network Management application software development company’s Director of Engineering to design and implement a set of pilot PCI-DSS (Payment Card Industry) reports utilizing Crystal Reports 2008, based on PCI requirements and BI from their software product’s NAC production SQL database.

Tested and verified the application report results.

Performed SQL queries with MySQL command line and GUI query browser.

Validated data transfer and document output/input.

Alexander Technology Group/Long Term Care Partners, LLC Portsmouth, NH 3/09 – 4/09

Information Security Analyst Consultant – Contractor

For client Long Term Care Partners, LLC, administrators of The Federal Long Term Care Insurance Program, sponsored by the U.S. Office of Personnel Management.

Primary responsibilities:

Assist in the development and management of security documentation (policies, procedures, etc.)

Monitor and report on the compliance of information systems.

Map policies and procedures to:

FISMA NIST Certification and Accreditation program (C&A)

The newly-revised HIPAA, specifically arising from the recent ARRA HITECH Act.

Business Continuity Planning and Disaster Recovery

Collected, tracked and aggregated Business Unit plan updates, assisted in the development/design, scheduling and testing of BCP/DR plans.

BDO Seidman, LLP - (client of Robert Half Management Resources) Boston, MA Sept ’08 – Oct ‘08

IT Risk Assurance Services Consultant – Contractor

Collaborated with BDO Seidman Risk Assurance Services Managing Partner to write pilot prototype Global Data Center IT Security Policies for their University client Laureate Education, Inc., including “Perimeter Security – Firewalls”; “Software Download and Installation”; “Mobile Devices”; “Remote Access”; “Encryption Requirements”; “Internet and Electronic Communication Usage”; and “Acceptable Use”.

Harvard University – (client of Sapphire Technologies) - Cambridge, MA June ’08 – Aug. ‘08

IT Security /Risk Consultant – Contractor

Collaborated with the Director of IT Security at Harvard University School of Arts and Sciences, and with school faculty to develop and implement a pilot internal IT Security controls framework and Risk Management / Risk Assessment program for one of Harvard’s largest Undergraduate schools. Assessment tools and frameworks including ITIL V3, PCI-DSS, NIST, Cobit, COSO and ISO 27001/ 27002.

Deliverables included:

Identification of high-risk data used by department systems.

Development of a Security Controls testing matrix/tool, and mapping the school’s University Security Policy standards to each of the frameworks (Cobit, ISO, PCI, NIST, ITIL, and COSO).

Documented remediation recommendations, and additional inherent controls to secure confidential data information systems.

Axis Technologies - Textron/Bell Helicopter - Roanoke, TX Dec. ’07 – Feb. ‘08

SAP IT Security/Controls Lead Consultant – Contractor

Developed SAP Application Controls Objectives and Risk Framework for Aerospace and Defense Government contractor Bell Helicopter. Risk Assessment utilizing FMEA Lean 6 Sigma Failure Mode and Effects Analysis tool.

Ensured security compliance with parent company Textron COE, Military Contracts, U.S. Government DOD (Munitions, FAR, DFAR, ITAR, DCMA, DCAA) and Commercial Contracts SOX/security control requirements.

Led controls and process security review of PBL (Performance Based Logistics) Defense Contract requirements for V-22 and AH-1W attack helicopter aircraft, facilitating retirement of older legacy data systems and interfaces for migration to SAP MRO PBL scenario.

Reviewed SAP 4.6C modules and Legacy applications, including MRP, BOM, Inventory, AP, AR, & Purchase to Pay, during corporate’s ongoing Business Systems Modernization ERP projects.

Contributor to “To-Be” Design Reviews with SME’s for implementing MRO functionality into SAP 4.6C during Wave 1 phase of project with forward looking to Wave 2 SAP 6.0.

Robert Half Management Resources SAS 70 Audit Woburn Nov. ‘07

SAS 70 Consultant – Contractor - For client Diversified Credit, implemented pilot internal controls and security framework (SAS 70 Type 1) to prepare them for upcoming SAS 70 Type 2 compliance requirements.

CMGi /Moduslink Corp. Corporate Headquarters Waltham, MA July ’06 – Sept. ‘07

Senior IT Auditor / SAP Security Analyst – Full Time Permanent

Collaborated with the Director of IT Internal Audit and Compliance to develop the FY 2008 Corporate IT Risk Management Plan for CMGi’s Moduslink Division, which specializes in Supply Chain Management (SCM).

Designed Pilot Security Risk Assessment draft framework (FY ’08), mapping operational, entity, technical, and security IT risks to CobIT, COSO, ITIL and ISO 27001 High Level and Detailed control objectives.

Developed an Operations Internal Controls (non-SOX) risk framework and list, and from that performed a FY ’07 Risk Assessment on SAP 5.0, Microsoft SQL Server 2000, Win32/WinNT platform including AD (Active Directory) LDAP, and Global Network and Application Interfaces, mapping back to CobIT control objectives, for review by Senior Management.

Reviewed and assessed PCI-DSS audit findings.

Project Lead, SOX 2007 FYE (as of July 31) for year-end TOD and TOE testing and remediation of ITGC (GCC) controls at CMGi Waltham Corporate headquarters’ Data Center. Project lead for roll forward testing and remediation of corporate IT controls for FY ‘08.

Retested ITGC remediated controls for four U.S. and International corporate data center locations, for FYE ’07, facilitated audit with external auditor KPMG.

Hired and trained an IT Auditor in CobIT controls risk assessments, and SAP migration pre- and post-implementation Security controls review. Also interviewed and hired a SOX Coordinator.

Designed, and then gave a presentation of 2007 IT Audit Plan to the Senior IT management team including the CIO and Director of Internal Audit for the SAP 4.6C -> 5.0 data conversion and upgrade (migration) rollout to the global data centers.

Designed, spearheaded and implemented an IT and Application controls framework for the SAP Data Conversion and migration, including SAP Rollout Critical Controls, and their corresponding Test Procedures.

On-site Project Lead of three-member Risk Assessment team at Moduslink’s Newark, CA Data Center in Sept ‘06, for review and assessment of SAP Data Conversion processes and procedures. Implemented SAP Global Data Center Rollout Critical Controls. Designed corresponding test procedures.

GR Consulting (Temp Agency/CPA Firm) – SOX IT AUDIT Pittsburgh, PA April – June ‘06

Senior IT Auditor Consultant – At client site at Volt Information Services in New York – SOX IT Audit Review of Corporate headquarters’ UNIX Data Center in Manhattan, and Westbury LI. Developed IT Internal Controls Risk Assessment Matrices and GCC test scripts based on corporate IT control activities, and tested approximately 100 IT Controls for HP 9000 HP/UX GCC Security at both UNIX Data Centers. Also reviewed and assessed Application Controls of Great Plains Software for a remote site installation.

Robert Half Management Resources – SOX IT AUDIT Manchester, NH March – April ‘06

SOX IT Compliance Consultant – At a public utility Pennichuck Water Works Corporate headquarters, developed IT process documentation and assessed with CobIT maturity model, collaborated with Manager of IT department on SOX IT General Controls Narratives. Led IT Control Gap Status meetings for Gap remediation. Initiated IT Internal Controls risk assessment, and vetted an initiative with the Board of Directors to create an IT Steering Committee.

netPolarity Staffing at client Mercury Interactive Software – SOX IT AUDIT Oct. ‘05 – Jan ‘06

SOX IT Audit Consultant - At Mercury Interactive (Mountain View CA Corporate headquarters), performed multiple SAS70 risk assessments and reviews of client’s numerous outsourced service vendors. SOX GCC testing on Change Control, Backup and Restore, Logical and Physical Security. Reviewed and assessed SDLC policies and procedures – Facilitated meetings between PwC external auditors, Mercury BPO’s/SME’s, and line/senior management.

Hudson Financial Staffing at XL Capital Insurance – SOX IT AUDIT New York, NY Aug–Sept ‘05

SOX IT Consulting –GCC’s control testing at client’s (XL Capital Insurance) Corporate headquarters, a “reinsurance” Insurance company based out of Bermuda and Stamford, CT. Also evaluated the effectiveness of Logical and Physical Access security measures; PwC external auditors.

Datamatics/Bridgemark at Aeroflex – SOX IT AUDIT Duluth, GA July – August ‘05

SOX IT Audit Consultant – Performed detailed evaluation of data processing systems and operating procedures - GCC’s control testing at client (Aeroflex) in Ann Arbor, MI. Facilitated internal audit with KPMG external auditors.

Procom Staffing at Nortel Networks – SOX IT AUDIT Toronto, Ontario CA May – July ‘05

SOX IT Consulting – SAP interfaces SOX Gap Remediation consulting for Nortel Networks, submitted recommendations for improving current standards during their IT gap remediation of SAP 4.6, Unix and Oracle Financial interfaces infrastructure (200 + interfaces). Facilitated internal audit and Deloitte external auditors.

Spherion Staffing – SOX IT AUDIT Boston/Marlborough MA & Santa Clara CA April–May ‘05

SOX IT Audit Consultant – At client 3COM Corp. headquarters, re-assessed and retested onsite one of their outsourced vendor’s failed SAS70 at their Santa Clara CA location – Conducted SOX GCC controls testing (second pass) and SAP 4.6 application controls testing. Reviewed corporate binder documentation of Change Control for GCC’s and ERP/Enterprise Application(s) at 3COM’s new Corporate Headquarters in Marlborough MA. Reported to 3COM Director of Internal Audit. Deloitte external auditors.

PSSI (Professional Staffing Solutions Int’l)–SOX IT AUDIT No. Andover, MA Feb. – March ‘05

SOX IT Consultant - Project Lead, full cycle SOX IT Internal Auditing and consulting at client sites

At Microfinancial Inc., Woburn, MA. Developed Cobit Framework for corporate Control Objectives; responsible for development of SOX Pilot documentation (Narratives, Process Flows, and Matrices) of GCC and Application Controls

At Zoll Medical, Chelmsford, MA. Delivered guidance documentation on their current SOX 404 strategy, including recommendations to Corporate on Test Plans, Narratives, and Policies and Procedures documents. Oracle 9i and 11i ERP application and GCC testing script and reviews.

Robert Half International at Concentra Waltham, MA – SOX IT AUDIT Nov. 2004 – Jan. 2005

SOX IT Project Lead Consultant – At Concentra Healthcare Services, GCC Controls Testing. Led controls remediation status meetings for EOY IT testing activities.

Lead GCC tester for four Corporate Billing and Financial applications including Oracle 11i OFA application. (Concentra specializes in outsourced cost management services for Group Health insurance companies, payer organizations and medical providers, also offering Workman’s Compensation and additional healthcare services), Waltham, MA.

Ernst & Young LLP at Banknorth Corporate– SOX IT AUDIT Boston, MA Aug. 2004 – Oct. 2004

SOX IT Audit Consultant at E&Y’s client BankNorth (now TD Bank) for a three month contract.

Authored and delivered pilot SOX Narrative (CobIT framework), Key IT Controls Matrix, and Process Flow for Managed Changes “Mainframe”, (Mainframe Operations was outsourced to Fidelity Information Systems in Philadelphia PA, with their Ops and Applications managers employed on-site) at Banknorth Corporate Headquarters in Portland, Maine. Also collaborated on site with E&Y Senior Managers on SOX Narrative, Matrix, and Process Flow for Managed Changes “Distributed Systems” as well. These deliverables were adopted as the template for all of Banknorth’s Sarbanes-Oxley 404 IT documentation going forward. Manage Change documentation was developed and established via individual interviews of all departments/owners, and then group workshop meetings with line and upper level management. Management process owners and department heads included the bank’s Business Line, Technology, Dist. Apps/Mainframe, CIO, Risk Management, Production Operations, Business Line Relationship and Support, Application Development, and Internal Audit departments.

RSA CORP / Robert Shields & Associates- SOX IT AUDIT - July – Aug. ‘04

SOX IT Audit Consultant

Internal controls consulting for SOX CobIT control objectives, initial kickoff controls scoping and framework assessment. IT Controls risk assessment and testing procedures of Blyth Mfg. Corporation, Greenwich, Ct. Preliminary IT process documentation review, collaborating with Blyth’s Director of Internal Audit.

Tad Technical (temp agency) SOX IT AUDIT Chelmsford, MA. June – July ‘04

SOX IT Audit Consultant

Outsourced to Citrix Software through CSI (Control Solutions International, Nashua NH) – One month contract.

Client: Citrix Software at their Corporate headquarters in Fort Lauderdale, Florida.

PricewaterhouseCoopers – Internal Auditor for Citrix, (E&Y External Auditor for Citrix), worked with PwC in SOX IT internal controls auditor/consultant capacity

Developed Gap Analysis, Application Controls and Testing using PwC’s Control Matrices and Narratives covering the IT processes Backup and Recovery, Computer Operations, Physical Security, Logical Access, Change Management.

Application Controls review included: SAP 4.6, SRM/EBP Cash-to-Pay and Procurement, Vantive CRM-to-SAP, SAP bolt-on Vertex Sales and Use Tax Module, Citrix proprietary Incentive Sales Commissions application.

Manpower Temp Agency at client Autodesk Software Corp.

SAP Call Center Transactions Specialist – SAP 4.6 Manchester, NH Nov. 2002 – Aug. 2003

SAP customer entitlement, subscription and licensing processing (SD module) for Customer Care Business Center at Autodesk Inc., a software company marketing AutoCAD and Architectural Software to the Construction, CAD Graphics, and Computer Animation industries, for 9 month contract.

Nortel Networks Billerica, Mass Nov. 1998 – Feb. 2002

Staff IS Analyst (FTE) fulfilling the following roles:

Middleware Administrator, IBM Websphere Business Integrator [WBI] and Interchange Server (then known as CrossWorlds), which provided EAI business logic between backend (SAP 4.5B) to CRM Call Center frontend (Clarify 6.0), for worldwide Service Contracts. Project Lead for maintenance, testing, and troubleshooting of four CrossWorlds eCommerce APIs throughout lifecycle of an SAP upgrade and associated WBI connector migration.

Network administrator, NT 4.0 environment for distributed CrossWorlds Production test, and development servers, and associated SQL engines (Microsoft SQL Enterprise Server 6.5, 7.0, and Oracle 8i). Maintained server-based and web-based IBM MQSeries for asynchronous messaging, Visigenics IIOP platform for Corba and ORB communication, BEA Weblogic. Also monitoring and troubleshooting of SAP archive tables, repository and SAP/Crossworlds tables.

Systems Analyst, providing ongoing Contract business objects and Contact business objects troubleshooting of Enterprise network attributed data/linkage problems - utilized tool set including Microsoft ISQL client, Websphere (CrossWorlds) Interchange Server, and Microsoft NT 4.0 Administrator utilities. Participated in Alpha and Beta development of Crossworlds SAP-to-CRM API “collaborations” including Worldwide Contracts, Contacts (bi-directional), Functional Locations (Sites) and Items (Material and Products). Additional CrossWorlds development including coding, mapping and logic changes using third-party Mercator business object map editor (CrossWorlds Rel. 1.3.1). Project Lead for installation and testing of CrossWorlds SAP 4.5 connector during a successful SAP 3.0f -> SAP 4.5B upgrade. Coordinated Crossworlds SAP transports for upgrades and instance refreshes.

Support Prime for Unix, NT 4.0/Win2000 Server and Sun Solaris Global Interface Infrastructure (Corporate wide proprietary MQSeries-based IHUB of Legacy-to-ERP and CRM Enterprise interfaces, totaling 200 – 300 Unix shell and wrapper scripted flat file interfaces). 24/7 on-call


